CVE-2007-2175
CVE-2007-2175
Apple QuickTime Java extensions (QTJava.dll), as used in Safari and other browsers, and when Java is enabled, allows remote attackers to execute arbitrary code via parameters to the toQTPointer method in quicktime.util.QTHandleRef, which can be used to modify arbitrary memory when creating QTPointerRef objects, as demonstrated during the "PWN 2 0WN" contest at CanSecWest 2007.
Productos afectados
n/a · n/aPoCs públicas encontradas — 3
exploitdbwww.exploit-db.com/exploits/16295no verificadoexploitdbwww.exploit-db.com/exploits/29884no verificadoexploitdbwww.exploit-db.com/exploits/9943no verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
http://cansecwest.com/post/2007-04-20-14:54:00.First_Mac_Hacked_Cancel_Or_Allowhttp://docs.info.apple.com/article.html?artnum=305446http://lists.apple.com/archives/security-announce/2007/May/msg00001.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/33827http://www.kb.cert.org/vuls/id/420668http://www.matasano.com/log/806/hot-off-the-matasano-sms-queue-cansec-macbook-challenge-won/http://www.matasano.com/log/812/breaking-macbook-vuln-in-quicktime-affects-win32-apple-code/http://www.osvdb.org/34178http://www.securityfocus.com/archive/1/467319/100/0/threadedhttp://www.securitytracker.com/id?1017950http://www.theregister.co.uk/2007/04/20/pwn-2-own_winner/http://www.zerodayinitiative.com/advisories/ZDI-07-023.html